Bitdefender Vulnerability Lets Attackers Trigger SSRF Attacks


A critical security vulnerability has been discovered in Bitdefender’s GravityZone Update Server, potentially exposing organizations to server-side request forgery (SSRF) attacks.

The flaw, identified as CVE-2024-6980, carries a high severity rating with a CVSS score of 9.2 out of 10, indicating its significant impact on affected systems.


The flaw stems from verbose error handling in the proxy service built into the GravityZone Update Server, which allows an attacker to initiate server-side request forgery attacks and potentially compromise the security of affected systems.

It’s important to note that the flaw only affects on-premises deployments: the Bitdefender GravityZone Update Server, as shipped with GravityZone Console, in versions before 6.38.1-5.


Server-side request forgery attacks can have severe consequences for affected organizations. An attacker exploiting this vulnerability could potentially:

  1. Access sensitive internal resources
  2. Bypass security controls
  3. Manipulate server operations
  4. Gather confidential information

The high CVSS score underscores the critical nature of this vulnerability and the potential for significant damage if left unaddressed.

Bitdefender has responded swiftly to address this security concern. An automatic update to product version 6.38.1-5 has been released, which fixes the vulnerability.

Organizations using affected versions of the GravityZone Update Server are strongly advised to immediately update their systems to the latest version.

Credit for discovering this vulnerability goes to Nicolas VERDIER, also known as n1nj4sec. Responsible disclosure practices were followed, allowing Bitdefender to develop and release a patch before the vulnerability was made public.

Recommendations for Users

  1. Verify the version of your GravityZone Console and ensure it is updated to version 6.38.1-5 or later.
  2. Enable automatic updates to receive critical security patches promptly.
  3. Conduct a thorough security assessment of systems that may have been exposed to this vulnerability.
  4. Monitor for any suspicious activities that could indicate exploitation attempts.

To confirm which version is installed and whether the fix has been applied:

  1. Check the GravityZone Control Center’s “About” or “System Information” section for the currently installed version.
  2. Look for any available updates in the Configuration > Update section of the GravityZone console.
